Mozilla Firefox < 1.5.0.4

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 1.5.0.4. It is, therefore, affected by a vulnerability as referenced in the mfsa2006-31 advisory. - EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to gain privileges via...

RHEL 8 : container-tools:rhel8 (RHSA-2025:23543)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:23543 advisory. The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: runc: container...

RockyLinux 8 : container-tools:rhel8 (RLSA-2025:23543)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:23543 advisory. runc: container escape and denial of service due to arbitrary write gadgets and procfs write redirects CVE-2025-52881 Tenable has extracted the preceding...

RHEL 10 : podman (RHSA-2025:23347)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:23347 advisory. The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use...

CVE-2025-68147

Summary (CVE-2025-68147 for OpenSourcePOS) OpenSourcePOS (CodeIgniter PHP app) versions 3.4.0–3.4.1 contain a stored XSS in the “Return Policy” field of the Store Configuration. The flaw stems from insufficient sanitization when saving/displaying the policy, allowing an attacker with configuratio...

CVE-2025-46281

A logic issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.2. An app may be able to break out of its sandbox...

CVE-2025-46281

A logic issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.2. An app may be able to break out of its sandbox...

CVE-2025-46281

CVE-2025-46281 involves a logic issue that could allow an app to break out of its sandbox on macOS Tahoe. The vulnerability is fixed in macOS Tahoe 26.2. Affected component details are centered on sandbox checks; Apple’s advisory and Red Hat/NVD references reiterate the same sandbox-bypass risk w...

Security update for glib2

This update for glib2 fixes the following issues: CVE-2025-14512: integer overflow in the GIO escapebytestring function when processing malicious files or remote filesystem attribute values can lead to denial-of-service bsc1254878. CVE-2025-14087: buffer underflow in the GVariant parser...

SUSE-SU-2025:4442-1 Security update for glib2

This update for glib2 fixes the following issues: - CVE-2025-14512: integer overflow in the GIO escapebytestring function when processing malicious files or remote filesystem attribute values can lead to denial-of-service bsc1254878. - CVE-2025-14087: buffer underflow in the GVariant parser...

Security update for glib2

This update for glib2 fixes the following issues: CVE-2025-14512: integer overflow in the GIO escapebytestring function when processing malicious files or remote filesystem attribute values can lead to denial-of-service bsc1254878. CVE-2025-14087: buffer underflow in the GVariant parser...

Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 140.6.0 ESR bsc1254551. MFSA 2025-94 CVE-2025-14321: use-after-free in the WebRTC: Signaling component. CVE-2025-14322: sandbox escape due to incorrect boundary conditions in the Graphics:...

CVE-2025-67818

An issue was discovered in Weaviate OSS before 1.33.4. An attacker with access to insert data into the database can craft an entry name with an absolute path e.g., /etc/... or use parent directory traversal ../../.. to escape the restore root when a backup is restored, potentially creating or...

CVE-2025-67640

Jenkins Git client Plugin 6.4.0 and earlier does not not correctly escape the path to the workspace directory as part of an argument in a temporary shell script generated by the plugin, allowing attackers able to control the workspace directory name to inject arbitrary OS commands...

Apple macOS 安全漏洞

Apple macOS is a suite of specialized operating systems developed for Mac computers by Apple Inc. in the United States. A security vulnerability exists in Apple macOS Tahoe versions prior to 26.2, which stems from an insufficient check resulting in a logic issue that could cause an application to...

Important: container-tools:rhel8 security update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: runc: container escape and denial of service due to arbitrary write gadgets and procfs write redirects CVE-2025-52881 For more details about the security issues,...

SUSE SLES12: MozillaFirefox / MozillaFirefox-devel / etc (SUSE-SU-2025:4396-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4396-1 advisory. Update to Firefox Extended Support Release 140.6.0 ESR bsc1254551. - MFSA 2025-94 CVE-2025-14321: use-after-free in the WebRTC: Signaling...

iTerm2 < 3.4.20 RCE (macOS)

The version of iTerm2 installed on the remote host is prior to 3.4.20. It is, therefore, is affected by multiple vulnerabilities: - iTerm2 before 3.4.20 allow potentially remote code execution because of mishandling of certain escape sequences related to tmux integration. CVE-2023-46300 - iTerm2...

Thinking Outside The Box [dusted off draft from 2017]

Posted by Jann Horn Preface Hello from the future! This is a blogpost I originally drafted in early 2017. I wrote what I intended to be the first half of this post about escaping from the VM to the VirtualBox host userspace process with CVE-2017-3558, but I never got around to writing the second...

USN-7935-1: Linux kernel (Azure) vulnerabilities

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this t...